package net.jsoft.platform.security.config.WebSecurity;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import net.jsoft.platform.security.entity.parms.SecurityParms;
import net.jsoft.platform.security.repository.SecurityParmsRepository;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    private static final Logger logger = LogManager.getLogger();

    @Autowired
    SecurityParmsRepository repository;

    @Autowired
    private CustomAuthenticationProvider authProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        //允许iframe跨域操作
        http.headers().frameOptions().sameOrigin().httpStrictTransportSecurity().disable();

        SecurityParms antMatchersList = repository.selectParms("ANTMATCHERS");
        SecurityParms loginList = repository.selectParms("LOGINPAGE");
        SecurityParms index = repository.selectParms("INDEXPAGE");
        String indexPage = index == null ? "/index" : index.getValue();

        String antMatchers = antMatchersList == null ? "/" : ("/," + antMatchersList.getValue());
        antMatchers+=",/oauth/*";
        String login = loginList == null ? "/" : loginList.getValue();
        String[] antMatchersArray = antMatchers.split(",");

        logger.info("=========白名单===========" + antMatchers);

        http.authorizeRequests().antMatchers(antMatchersArray).permitAll()//不需要任何认证就可以访问，其他的路径都必须通过身份验证。
                .anyRequest().authenticated() //任何请求,登录后可以访问
                //通过formLogin()定义当需要用户登录时候，转到的登录页面。
                .and().formLogin().loginPage(login).defaultSuccessUrl(indexPage).permitAll()//登录成功后默认跳转到"/hello"
                //注销
                .and().logout().logoutSuccessUrl(login).permitAll();//退出登录后的默认url是"/home"
        //关闭csrf 防止循环定向
        http.csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.authenticationProvider(authProvider);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception
    {
        return super.authenticationManagerBean();
    }

}